• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Routing between HE and 6to4

Started by blshadow, June 04, 2011, 12:05:34 PM

Previous topic - Next topic

blshadow

Routing between Hurricane Electric tunnel and 6to4 does not work. ping6 ipv6.google.com is working, but i cannot ping 6to4 host, e.g. 2002:54cc:ad1e::1.

tracerout output from HE host (2001:470:25:431::2):
$ traceroute -6 2002:54cc:ad1e::1
traceroute to 2002:54cc:ad1e::1 (2002:54cc:ad1e::1), 30 hops max, 80 byte packets
1  blshadow-1.tunnel.tserv23.zrh1.ipv6.he.net (2001:470:25:431::1)  44.572 ms  45.771 ms  46.686 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *^C


traceroute output from 6to4 host (2002:54cc:ad1e::1):
$ traceroute -6 2001:470:25:431::2
traceroute to 2001:470:25:431::2 (2001:470:25:431::2), 30 hops max, 80 byte packets
1  * * *
2  s-b2-link.telia.net (2001:2000:3080:77::1)  13.477 ms  13.483 ms  13.458 ms
3  adm-b5-v6.telia.net (2001:2000:3018:d::1)  52.374 ms  54.660 ms  52.168 ms
4  hurricane-ic-140970-adm-sara-s1.c.telia.net (2001:2000:3080:1b9::2)  35.054 ms  35.056 ms  35.022 ms
5  10gigabitethernet1-1.core1.fra1.he.net (2001:470:0:47::2)  66.967 ms  66.971 ms  66.930 ms
6  10gigabitethernet1-1.core1.zrh1.he.net (2001:470:0:10d::2)  66.927 ms  54.647 ms *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * *^C

broquea

Filtering any IPv6 ICMP? I can't even ping6 your side of the tunnel from either our core router or the tunnel-server.

blshadow

Sorry, the problem was in iptables settings.

blshadow

Not working again with stopped ip6tables

leibold

#4
I can access many 6to4 sites from my home systems (behind HE tunnel), but trying to use those same sites in the daily tests for a higher IPv6 certification score always fails. Typical scenario is submitting a successful traceroute6 (to a 6to4 site) to the daily test fails because the certification test server can't ping the 6to4 destination address. I must have tried at least 10 different IPv6 addresses with 2002: prefix.

I'm not sure whether this is related to the problem you are seeing (it sounds like it is something different), but it does show that there appear to be issues with routing to 6to4 sites from within he.net.

Edit: I tried another 6to4 site today and it was accepted for the daily certification tests. I have no idea whether anything has changed in the meantime or whether it was just bad luck when all the earlier tests to 6to4 sites were failing.